Bug#305142: world readable apt.conf with proxy passwd
Package: apt
Version: 0.5.28.1
Severity: grave
Tags: security
Justification: user security hole
During install apt.conf is written; including proxy configuration if
needed. The Proxy string is stored in apt.conf but permissions allow
group and others to read apt.conf hence to get the proxy password which
could even be a real users password.
Best regards,
Alexander Mader.
-- Package-specific info:
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15)
Versions of packages apt depends on:
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii libgcc1 1:3.4.3-12 GCC support library
ii libstdc++5 1:3.3.5-8 The GNU Standard C++ Library v3
-- no debconf information
Reply to: